[exim] Re(2): "Ghost" user running exim?

Author: Bill Hacker
Date:  
To: Exim Users
Subject: [exim] Re(2): "Ghost" user running exim?
>>Ta-da!
>
>Ta-Huh-Yes-I-Saw-That-DA... :)
>
>>As described earlier by Andrew <andrew@???>:
>>
>>> To be able to use require_files to verify the recipient, the directory
>>> path must be readable to the exim user or group. If that isn't
>>> possible, then you would need to turn on no_verify on the router, and
>>> add another router with verify_only that checks for valid recipients
>>> using some other method not involving reading those directories
>
>>If you make parts of your sympa installation have owner:group of
>>sympa:exim, and ensure that they are group readable, you should be cooking
>>(to coin a British phrase). Note that I've never used sympa so I could be
>>talking from somewhere very dark here!
>
>The problem there is that I think that is handled.
>haven:~# grep sympa /etc/group
>sympa:x:1002:Debian-exim:mail
>
>Since I use Initgroup = yes, should not Exim assume the group Sympa as well?


'Mericanism here: If at first you don't succeed, cheat....

cp /home/sympa/expl/listor.skyddsrummet.net/bjorkriset-styrelse/config

to, for example:

/usr/local/etc/exim/sympa

chown <exim's UID>:<exim's GID> /usr/local/etc/exim/sympa

chmod 755 /usr/local/etc/exim/sympa

Change the configure to look for the copies that you are now
*certain* exim can access..

If the problem then goes away, then have a look and see what the original
files say....

ls -lF /home/sympa/expl/listor.skyddsrummet.net/bjorkriset-styrelse/config

Then chop off the last item and repeat, repeat, repeat walking back up
the dirtree all the way to

ls -lF /home

And keep in mind that:

- all the *file* needs is the 'read' bit set for group as well as owner.
- Obvious, and rarely overlooked.

- But for each *directory* level, the EXECUTE bit must also be set,
ELSE 'traversing' that directory to *find* said file may be blocked.
- Not so obvious, and OFTEN overlooked.....

Bill

>
>
>>Alternatively put no_verify on in that router and create a new router with
>>verify_only which can lookup the sympa list addresses in a different way:
>>because you know all the addresses you can run a script that creates a file
>>containing the list addresses on their own and run that from a cron job. It
>>should be relatively easy to create that file, and do a lookup from it for
>>listname@domain.
>
>Yes, I have been thinking in those lines myself.
>BUT: Why do I need "no_verify"? Can I not just use "Condition =
>lsearch......"?
>
>But, I suppose the question here is: Why does it appear that "Initgroup"
>doesn't do what I think the manual says it will do?
>
>--
>## List details at http://www.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://www.exim.org/eximwiki/
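
The walk back up the directory tree described in the reply above, as an added example that is not part of the original message: it reads the group bits from `ls -ld` at each level and prints the first component that would block a reader who gets access through group membership. The function names and the optional stop directory are hypothetical; it assumes access comes via the group class only and ignores ACLs and the owner/other bits.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumption: the reader (e.g. the exim user) reaches the path through the
# *group* permission class; ACLs and owner/other bits are not considered.

# group_bits PATH -> prints the three group mode characters, e.g. "r-x"
group_bits() {
    ls -ld -- "$1" | cut -c5-7
}

# first_blocker FILE [TOP]
# Prints "ok" if FILE is group-readable and every directory from FILE's
# parent up to TOP (default /) is group-searchable. Otherwise prints the
# first blocking path and returns 1. FILE must be an absolute path.
first_blocker() {
    target=$1
    top=${2:-/}
    case $target in
        /*) ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac

    # The file itself only needs the group 'read' bit.
    case $(group_bits "$target") in
        r??) ;;
        *) echo "$target"; return 1 ;;
    esac

    # Each directory level needs the group 'execute' (search) bit;
    # 's' in that position means setgid with execute set.
    dir=$(dirname "$target")
    while :; do
        case $(group_bits "$dir") in
            ??[xs]) ;;
            *) echo "$dir"; return 1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    echo ok
}
```

Called as `first_blocker /path/to/list/config`, it checks every level up to `/`; a directory that is group-readable but not group-executable is reported just like one with no group bits at all.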